package vboot.core.security.authz;

import org.springframework.beans.factory.annotation.Autowired;
import vboot.core.module.sys.api.main.SysApiMainHand;
import vboot.core.security.pojo.Zuser;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

@Component
public class AuthzHandler {

    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        Zuser zuser;
        try {
            zuser = (Zuser) authentication.getPrincipal();
        } catch (Exception e) {
            //e.printStackTrace();
            return false;
        }
        String uri = request.getRequestURI();
        String method = request.getMethod();
        if("/getMenuList".equals(uri)||"/getUserInfo".equals(uri)){
            return true;
        }
        return apiHand.hasPerm(zuser, method, uri);

    }

    @Autowired
    private SysApiMainHand apiHand;

}
